HHS advisory panel considers patient consent framework

An advisory group to the Health and Human Services Department today began considering a draft Basic Patient Privacy Consent technical framework that describes how health organizations should incorporate patients' consents and consent policies into their enterprises.

The Health IT Standards Committee’s privacy and security workgroup gave its members a draft patient consent framework. The draft was created with input from Integrating the Health Enterprise, an organization that promotes the coordinated use of technical standards.

The patient consents are needed for collecting and sharing patient health care data in electronic health record (EHR) systems to improve quality of care and public health. In many cases, data is de-identified to avoid identifying the patient. HHS currently is distributing $17 billion in incentives under the economic stimulus law to doctors and hospitals that adopt the electronic systems.

The goal of the basic patient privacy consent framework is to be human readable, machine readable and able to handle multiple types of consents and documents.

Under the framework, a health information exchange would develop a set of privacy and consent policies and start an access-controlled system to implement those policies supported by an EHR system. Patients would be given the policies and could “selectively acknowledge” which policies apply to their records.

The draft included at least 12 types of patient consents, including implicit and explicit opt-out and opt-in, authorizations for specific research projects and authorizations for use of the document but not for republishing.

The metadata for the consent would classify the level of confidentiality associated for the consent document.